-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
avoid creating Boxes of uninitalized values in RawVec #61230
Conversation
r? @KodrAus (rust_highfive has picked a reviewer for you, use r? to override) |
r? @RalfJung |
Note: I haven't actually audited the uses of this method, but it seems unlikely that they aren't fine, b/c we run tests under miri. |
I am not sure how great our test coverage is here.^^ Also, "invalid data in a So, it might be worth mentioning that the UB this talks about is a still-under-discussion point, similar to what I did in
And it's probably worth auditing the uses. There are not many (at least on in liballoc+libstd). |
Heh, you are 100% right. Here's at least one case where we do Lines 549 to 550 in be10e62
Should that code be (optimistically) rewritten to use |
I'd prefer rewriting it -- also to see what the ergonomic impact is. |
83847db
to
83d85e5
Compare
That usage turned out the singe one where we expose uninit memory Things I've looked at
I've rewritten the docs to just make "elements must be initialized" the invariant of the method itself, with a copy-pasted note that the language-level rule is under construction. Don't know if the patch works: compiling LLVM 😭 |
tests pass locally |
src/liballoc/boxed.rs
Outdated
unsafe { | ||
ptr::copy_nonoverlapping(self.as_ptr(), buf.ptr(), len); | ||
from_boxed_utf8_unchecked(buf.into_box()) | ||
from_boxed_utf8_unchecked(self.as_bytes().into()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But where does this even allocate and copy now...?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the From<[u8]> for Box<[u8]> impl, which is also adjusted in this PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To clarify, the impl I am talking about is the generic one over T
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you call Box<_>::from(...)
instead of .into()
to make that clearer? And maybe move that out of the unsafe
block to make it clear that that is not a weird thing that "steals" self
or so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good call, fixed
Co-Authored-By: Ralf Jung <[email protected]>
Thanks! @bors r+ |
📌 Commit fe31ad3 has been approved by |
avoid creating Boxes of uninitalized values in RawVec `RawVec<bool>::into_box` is definitely instant UB, if not all values are initialized. See https://gankro.github.io/blah/initialize-me-maybe/
Rollup of 9 pull requests Successful merges: - #61084 (Clarify docs for unreachable! macro) - #61220 (Added error message for E0284) - #61227 (Use .await syntax instead of await!) - #61230 (avoid creating Boxes of uninitalized values in RawVec) - #61237 (Updated the Iterator docs with information about overriding methods.) - #61241 (Check place iterative) - #61242 (Make dest_needs_borrow iterate instead of recurse) - #61247 (Make eval_place iterate instead of recurse) - #61248 (Use Place::local) Failed merges: r? @ghost
Rollup of 9 pull requests Successful merges: - #61084 (Clarify docs for unreachable! macro) - #61220 (Added error message for E0284) - #61227 (Use .await syntax instead of await!) - #61230 (avoid creating Boxes of uninitalized values in RawVec) - #61237 (Updated the Iterator docs with information about overriding methods.) - #61241 (Check place iterative) - #61242 (Make dest_needs_borrow iterate instead of recurse) - #61247 (Make eval_place iterate instead of recurse) - #61248 (Use Place::local) Failed merges: r? @ghost
RawVec<bool>::into_box
is definitely instant UB, if not all values are initialized.See https://gankro.github.io/blah/initialize-me-maybe/